class Frontend::SessionsController < Frontend::BaseController

  skip_before_action :logged_in?

  layout 'frontend_login'

  def new
    @user = User.new
  end


  def create
    @user = User.new(session_params.permit!)
    if !verify_rucaptcha?
      flash[:alert] = '验证码错误'
      render action: :new and return
    end
    user = User.find_by(name: session_params[:name])
    unless user.present?
      flash[:alert] = '该帐号不存在'
      render(action: :new) && return
    end
    @user = user
    if user.status == 0
      flash[:alert] = '该帐号已被停用'
      render(action: :new) && return
    end
    if user.authenticate(session_params[:password])
      set_current_user(user)
      redirect_to frontend_root_path
    else
      flash[:alert] = '用户密码错误'
      render(action: :new) && return
    end
  end


  def destroy
    reset_session
    redirect_to frontend_login_path
  end


  private

  def session_params
    params.require(:user).permit!
  end


end
